MDL-11451 grade publishing security/privacy improved - new capabilities needed for publishing, by default allowed only for admins; added warning to publishing option

skodak 2007-09-27 06:51:54 +00:00
parent 349a4aea81
commit 0a3bdfaf79
27 changed files with 110 additions and 6 deletions


@ -11,7 +11,17 @@ $gradeexport_ods_capabilities = array(
'editingteacher' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'gradeexport/ods:publish' => array(
'riskbitmask' => RISK_PERSONAL,
'captype' => 'read',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'admin' => CAP_ALLOW
)
)
);
?>


@ -4,6 +4,9 @@ $nomoodlecookie = true; // session not used here
require '../../../config.php';
$id = required_param('id', PARAM_INT); // course id
if (!$course = get_record('course', 'id', $id)) {
print_error('nocourseid');
}
require_user_key_login('grade/export', $id); // we want different keys for each course
@ -11,6 +14,9 @@ if (empty($CFG->gradepublishing)) {
error('Grade publishing disabled');
}
$context = get_context_instance(CONTEXT_COURSE, $id);
require_capability('gradeexport/ods:pusblish', $context);
// use the same page parameters as export.php and append &key=sdhakjsahdksahdkjsahksadjksahdkjsadhksa
require 'export.php';
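Review bot: The capability name passed to `require_capability()` is misspelled as `gradeexport/ods:pusblish`, while the access definition in this commit registers `gradeexport/ods:publish`. The check therefore tests a capability that no definition on this page declares, so a role later granted the real publish capability would presumably still be refused on the key-login path, and the check does not express the intended policy. The line should read `require_capability('gradeexport/ods:publish', $context);`. The same typo appears in the txt, xls and xml export sections and in the xml import section (`gradeimport/xml:pusblish`); all five need the corrected name.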


@ -47,6 +47,10 @@ $navigation = grade_build_nav(__FILE__, $actionstr, array('courseid' => $course-
print_header($course->shortname.': '.get_string('grades'), $course->fullname, $navigation);
print_grade_plugin_selector($id, 'export', 'ods');
if (!empty($CFG->gradepublishing)) {
$CFG->gradepublishing = has_capability('gradeexport/ods:publish', $context);
}
$mform = new grade_export_form(null, array('publishing' => true));
// process post information
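Review bot: Overwriting `$CFG->gradepublishing` with the result of `has_capability()` turns a site-wide setting into a per-user flag for the rest of the request, which is easy to misread and affects any code that runs after this point. A local variable handed to the form would be clearer, or at minimum a comment such as `// hide publishing options from users without the publish capability; the key-login script enforces it`. `$context` is not defined in the visible lines, so it presumably comes from earlier in the file. The txt, xls and xml export sections and the xml import section use the same pattern.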


@ -1,6 +1,6 @@
<?PHP // $Id$
$plugin->version = 2007072500;
$plugin->version = 2007092701;
$plugin->requires = 2007072402;
?>


@ -11,7 +11,17 @@ $gradeexport_txt_capabilities = array(
'editingteacher' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'gradeexport/txt:publish' => array(
'riskbitmask' => RISK_PERSONAL,
'captype' => 'read',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'admin' => CAP_ALLOW
)
)
);
?>


@ -4,6 +4,9 @@ $nomoodlecookie = true; // session not used here
require '../../../config.php';
$id = required_param('id', PARAM_INT); // course id
if (!$course = get_record('course', 'id', $id)) {
print_error('nocourseid');
}
require_user_key_login('grade/export', $id); // we want different keys for each course
@ -11,6 +14,9 @@ if (empty($CFG->gradepublishing)) {
error('Grade publishing disabled');
}
$context = get_context_instance(CONTEXT_COURSE, $id);
require_capability('gradeexport/txt:pusblish', $context);
// use the same page parameters as export.php and append &key=sdhakjsahdksahdkjsahksadjksahdkjsadhksa
require 'export.php';


@ -47,6 +47,10 @@ $navigation = grade_build_nav(__FILE__, $actionstr, array('courseid' => $course-
print_header($course->shortname.': '.get_string('grades'), $course->fullname, $navigation);
print_grade_plugin_selector($id, 'export', 'txt');
if (!empty($CFG->gradepublishing)) {
$CFG->gradepublishing = has_capability('gradeexport/txt:publish', $context);
}
$mform = new grade_export_form(null, array('includeseparator'=>true, 'publishing' => true));
// process post information


@ -1,6 +1,6 @@
<?PHP // $Id$
$plugin->version = 2007072500;
$plugin->version = 2007092700;
$plugin->requires = 2007072402;
?>


@ -11,7 +11,17 @@ $gradeexport_xls_capabilities = array(
'editingteacher' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'gradeexport/xls:publish' => array(
'riskbitmask' => RISK_PERSONAL,
'captype' => 'read',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'admin' => CAP_ALLOW
)
)
);
?>


@ -4,6 +4,9 @@ $nomoodlecookie = true; // session not used here
require '../../../config.php';
$id = required_param('id', PARAM_INT); // course id
if (!$course = get_record('course', 'id', $id)) {
print_error('nocourseid');
}
require_user_key_login('grade/export', $id); // we want different keys for each course
@ -11,6 +14,9 @@ if (empty($CFG->gradepublishing)) {
error('Grade publishing disabled');
}
$context = get_context_instance(CONTEXT_COURSE, $id);
require_capability('gradeexport/xls:pusblish', $context);
// use the same page parameters as export.php and append &key=sdhakjsahdksahdkjsahksadjksahdkjsadhksa
require 'export.php';


@ -47,6 +47,10 @@ $navigation = grade_build_nav(__FILE__, $actionstr, array('courseid' => $course-
print_header($course->shortname.': '.get_string('grades'), $course->fullname, $navigation);
print_grade_plugin_selector($id, 'export', 'xls');
if (!empty($CFG->gradepublishing)) {
$CFG->gradepublishing = has_capability('gradeexport/xls:publish', $context);
}
$mform = new grade_export_form(null, array('publishing' => true));
// process post information


@ -1,6 +1,6 @@
<?PHP // $Id$
$plugin->version = 2007072500;
$plugin->version = 2007092700;
$plugin->requires = 2007072402;
?>


@ -11,7 +11,17 @@ $gradeexport_xml_capabilities = array(
'editingteacher' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'gradeexport/xml:publish' => array(
'riskbitmask' => RISK_PERSONAL,
'captype' => 'read',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'admin' => CAP_ALLOW
)
)
);
?>


@ -4,6 +4,9 @@ $nomoodlecookie = true; // session not used here
require '../../../config.php';
$id = required_param('id', PARAM_INT); // course id
if (!$course = get_record('course', 'id', $id)) {
print_error('nocourseid');
}
require_user_key_login('grade/export', $id); // we want different keys for each course
@ -11,6 +14,9 @@ if (empty($CFG->gradepublishing)) {
error('Grade publishing disabled');
}
$context = get_context_instance(CONTEXT_COURSE, $id);
require_capability('gradeexport/xml:pusblish', $context);
// use the same page parameters as export.php and append &key=sdhakjsahdksahdkjsahksadjksahdkjsadhksa
require 'export.php';


@ -47,6 +47,10 @@ $navigation = grade_build_nav(__FILE__, $actionstr, array('courseid' => $course-
print_header($course->shortname.': '.get_string('grades'), $course->fullname, $navigation);
print_grade_plugin_selector($id, 'export', 'xml');
if (!empty($CFG->gradepublishing)) {
$CFG->gradepublishing = has_capability('gradeexport/xml:publish', $context);
}
$mform = new grade_export_form(null, array('idnumberrequired'=>true, 'publishing' => true));
// process post information


@ -1,6 +1,6 @@
<?PHP // $Id$
$plugin->version = 2007072500;
$plugin->version = 2007092700;
$plugin->requires = 2007072402;
?>


@ -9,6 +9,14 @@ $gradeimport_xml_capabilities = array(
'editingteacher' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),
'gradeimport/xml:publish' => array(
'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'admin' => CAP_ALLOW
)
)
);
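Review bot: The new `gradeimport/xml:publish` entry declares no `riskbitmask`, unlike the export publish capabilities in this commit, which carry `RISK_PERSONAL`. This capability has `captype` `write` and gates grade import through a key URL without an interactive login, so an administrator assigning it to a role would presumably see no risk indicator for it. Consider declaring the applicable risk flags, or adding a comment that states why none applies. The enclosing array starts outside the hunk.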


@ -4,6 +4,9 @@ $nomoodlecookie = true; // session not used here
require '../../../config.php';
$id = required_param('id', PARAM_INT); // course id
if (!$course = get_record('course', 'id', $id)) {
print_error('nocourseid');
}
require_user_key_login('grade/import', $id); // we want different keys for each course
@ -11,6 +14,9 @@ if (empty($CFG->gradepublishing)) {
error('Grade publishing disabled');
}
$context = get_context_instance(CONTEXT_COURSE, $id);
require_capability('gradeimport/xml:pusblish', $context);
// use the same page parameters as import.php and append &key=sdhakjsahdksahdkjsahksadjksahdkjsadhksa
require 'import.php';


@ -43,6 +43,10 @@ $strgrades = get_string('grades', 'grades');
$actionstr = get_string('modulename', 'gradeimport_xml');
$navigation = grade_build_nav(__FILE__, $actionstr, array('courseid' => $course->id));
if (!empty($CFG->gradepublishing)) {
$CFG->gradepublishing = has_capability('gradeimport/xml:publish', $context);
}
$mform = new grade_import_form();
if ($data = $mform->get_data()) {


@ -1,6 +1,6 @@
<?PHP // $Id$
$plugin->version = 2007092600;
$plugin->version = 2007092700;
$plugin->requires = 2007092002;
?>


@ -2,5 +2,6 @@
$string['modulename'] = 'CSV file';
$string['cvs:view'] = 'Use CSV grade export';
$string['cvs:publish'] = 'Publish CSV grade export';
?>


@ -2,5 +2,6 @@
$string['modulename'] = 'OpenOffice spreadsheet';
$string['ods:view'] = 'Use Openoffice grade export';
$string['ods:publish'] = 'Publish ODS grade export';
?>


@ -2,5 +2,6 @@
$string['modulename'] = 'Plain text file';
$string['txt:view'] = 'Use text grade export';
$string['txt:publish'] = 'Publish TXT grade export';
?>


@ -2,5 +2,6 @@
$string['modulename'] = 'Excel spreadsheet';
$string['xls:view'] = 'Use Excel grade export';
$string['xls:publish'] = 'Publish XLS grade export';
?>


@ -2,5 +2,6 @@
$string['modulename'] = 'XML file';
$string['xml:view'] = 'Use XML grade export';
$string['xml:publish'] = 'Publish XML grade export';
?>


@ -6,5 +6,6 @@ $string['errincorrectidnumber'] = 'Error - incorrect idnumber';
$string['fileurl'] = 'Remote file URL';
$string['modulename'] = 'XML file';
$string['xml:view'] = 'Import grades from XML';
$string['xml:publish'] = 'Publish import grades from XML';
?>


@ -71,7 +71,7 @@ $string['configgradeboundary'] = 'A percentage boundary over which grades will b
$string['configgradedisplaytype'] = 'Grades can be shown as real grades, as percentages (in reference to the minimum and maximum grades) or as letters (A, B, C etc..)';
$string['configgradeletter'] = 'A letter or other symbol used to represent a range of grades.';
$string['configgradeletterdefault'] = 'A letter or other symbol used to represent a range of grades. Leave this field empty to use the site default (currently $a).';
$string['configgradepublishing'] = 'Enable publishing in exports and imports: Exported grades can be accessed by accessing a URL, without having to log on to a Moodle site. Grades can be imported by accessing such a URL (which means that a moodle site can import grades published by another site).';
$string['configgradepublishing'] = 'Enable publishing in exports and imports: Exported grades can be accessed by accessing a URL, without having to log on to a Moodle site. Grades can be imported by accessing such a URL (which means that a moodle site can import grades published by another site). By default only administrators may use this feature, please educate users before adding required capabilities to other roles (dangers of bookmark sharing and download accelerators, IP restrictions, etc.).';
$string['configmeanselection'] = 'Select which types of grades will be included in the column averages. Cells with no grade can be ignored, or counted as 0 (default setting).';
$string['configquickfeedback'] = 'Quick Feedback adds a text input element in each grade cell on the grader report, allowing you to edit many grades at once. You can then click the Update button to perform all these changes at once, instead of one at a time.';
$string['configquickgrading'] = 'Quick Grading adds a text input element in each grade cell on the grader report, allowing you to edit the feedback for many grades at once. You can then click the Update button to perform all these changes at once, instead of one at a time.';